Merge remote-tracking branch 'mbedtls-2.28' into mbedtls-2.28-restricted
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
index 2973cce..b8dffa9 100644
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -46,6 +46,12 @@
*/
volatile int false_but_the_compiler_does_not_know = 0;
+/* Hide calls to calloc/free from static checkers such as
+ * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about
+ * code where we do mean to cause a runtime error. */
+void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc;
+void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free;
+
/* Set n bytes at the address p to all-bits-zero, in such a way that
* the compiler should not know that p is all-bits-zero. */
static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n)
@@ -98,9 +104,9 @@
void read_after_free(const char *name)
{
(void) name;
- volatile char *p = mbedtls_calloc(1, 1);
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
*p = 'a';
- mbedtls_free((void *) p);
+ free_but_the_compiler_does_not_know((void *) p);
/* Undefined behavior (read after free) */
mbedtls_printf("%u\n", (unsigned) *p);
}
@@ -108,11 +114,11 @@
void double_free(const char *name)
{
(void) name;
- volatile char *p = mbedtls_calloc(1, 1);
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
*p = 'a';
- mbedtls_free((void *) p);
+ free_but_the_compiler_does_not_know((void *) p);
/* Undefined behavior (double free) */
- mbedtls_free((void *) p);
+ free_but_the_compiler_does_not_know((void *) p);
}
void read_uninitialized_stack(const char *name)
@@ -132,7 +138,7 @@
void memory_leak(const char *name)
{
(void) name;
- volatile char *p = mbedtls_calloc(1, 1);
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
mbedtls_printf("%u\n", (unsigned) *p);
/* Leak of a heap object */
}
diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci
deleted file mode 100644
index 8179e2b..0000000
--- a/scripts/find-mem-leak.cocci
+++ /dev/null
@@ -1,20 +0,0 @@
-@@
-expression x, y;
-statement S;
-@@
- x = mbedtls_calloc(...);
- y = mbedtls_calloc(...);
- ...
-* if (x == NULL || y == NULL)
- S
-
-@@
-expression x, y;
-statement S;
-@@
- if (
-* (x = mbedtls_calloc(...)) == NULL
- ||
-* (y = mbedtls_calloc(...)) == NULL
- )
- S
diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py
new file mode 100644
index 0000000..bad26fd
--- /dev/null
+++ b/scripts/mbedtls_dev/crypto_data_tests.py
@@ -0,0 +1,112 @@
+"""Generate test data for cryptographic mechanisms.
+This module is a work in progress, only implementing a few cases for now.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+
+import hashlib
+from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import
+
+from . import crypto_knowledge
+from . import psa_information
+from . import test_case
+
+
+def psa_low_level_dependencies(*expressions: str) -> List[str]:
+ """Infer dependencies of a PSA low-level test case by looking for PSA_xxx symbols.
+ This function generates MBEDTLS_PSA_BUILTIN_xxx symbols.
+ """
+ high_level = psa_information.automatic_dependencies(*expressions)
+ for dep in high_level:
+ assert dep.startswith('PSA_WANT_')
+ return ['MBEDTLS_PSA_BUILTIN_' + dep[9:] for dep in high_level]
+
+
+class HashPSALowLevel:
+ """Generate test cases for the PSA low-level hash interface."""
+
+ def __init__(self, info: psa_information.Information) -> None:
+ self.info = info
+ base_algorithms = sorted(info.constructors.algorithms)
+ all_algorithms = \
+ [crypto_knowledge.Algorithm(expr)
+ for expr in info.constructors.generate_expressions(base_algorithms)]
+ self.algorithms = \
+ [alg
+ for alg in all_algorithms
+ if (not alg.is_wildcard and
+ alg.can_do(crypto_knowledge.AlgorithmCategory.HASH))]
+
+ # CALCULATE[alg] = function to return the hash of its argument in hex
+ # TO-DO: implement the None entries with a third-party library, because
+ # hashlib might not have everything, depending on the Python version and
+ # the underlying OpenSSL. On Ubuntu 16.04, truncated sha512 and sha3/shake
+ # are not available. On Ubuntu 22.04, md2, md4 and ripemd160 are not
+ # available.
+ CALCULATE = {
+ 'PSA_ALG_MD2': None,
+ 'PSA_ALG_MD4': None,
+ 'PSA_ALG_MD5': lambda data: hashlib.md5(data).hexdigest(),
+ 'PSA_ALG_RIPEMD160': None, #lambda data: hashlib.new('ripdemd160').hexdigest()
+ 'PSA_ALG_SHA_1': lambda data: hashlib.sha1(data).hexdigest(),
+ 'PSA_ALG_SHA_224': lambda data: hashlib.sha224(data).hexdigest(),
+ 'PSA_ALG_SHA_256': lambda data: hashlib.sha256(data).hexdigest(),
+ 'PSA_ALG_SHA_384': lambda data: hashlib.sha384(data).hexdigest(),
+ 'PSA_ALG_SHA_512': lambda data: hashlib.sha512(data).hexdigest(),
+ 'PSA_ALG_SHA_512_224': None, #lambda data: hashlib.new('sha512_224').hexdigest()
+ 'PSA_ALG_SHA_512_256': None, #lambda data: hashlib.new('sha512_256').hexdigest()
+ 'PSA_ALG_SHA3_224': None, #lambda data: hashlib.sha3_224(data).hexdigest(),
+ 'PSA_ALG_SHA3_256': None, #lambda data: hashlib.sha3_256(data).hexdigest(),
+ 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(),
+ 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(),
+ 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64),
+ } #type: Dict[str, Optional[Callable[[bytes], str]]]
+
+ @staticmethod
+ def one_test_case(alg: crypto_knowledge.Algorithm,
+ function: str, note: str,
+ arguments: List[str]) -> test_case.TestCase:
+ """Construct one test case involving a hash."""
+ tc = test_case.TestCase()
+ tc.set_description('{}{} {}'
+ .format(function,
+ ' ' + note if note else '',
+ alg.short_expression()))
+ tc.set_dependencies(psa_low_level_dependencies(alg.expression))
+ tc.set_function(function)
+ tc.set_arguments([alg.expression] +
+ ['"{}"'.format(arg) for arg in arguments])
+ return tc
+
+ def test_cases_for_hash(self,
+ alg: crypto_knowledge.Algorithm
+ ) -> Iterator[test_case.TestCase]:
+ """Enumerate all test cases for one hash algorithm."""
+ calc = self.CALCULATE[alg.expression]
+ if calc is None:
+ return # not implemented yet
+
+ short = b'abc'
+ hash_short = calc(short)
+ long = (b'Hello, world. Here are 16 unprintable bytes: ['
+ b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a'
+ b'\x80\x81\x82\x83\xfe\xff]. '
+ b' This message was brought to you by a natural intelligence. '
+ b' If you can read this, good luck with your debugging!')
+ hash_long = calc(long)
+
+ yield self.one_test_case(alg, 'hash_empty', '', [calc(b'')])
+ yield self.one_test_case(alg, 'hash_valid_one_shot', '',
+ [short.hex(), hash_short])
+ for n in [0, 1, 64, len(long) - 1, len(long)]:
+ yield self.one_test_case(alg, 'hash_valid_multipart',
+ '{} + {}'.format(n, len(long) - n),
+ [long[:n].hex(), calc(long[:n]),
+ long[n:].hex(), hash_long])
+
+ def all_test_cases(self) -> Iterator[test_case.TestCase]:
+ """Enumerate all test cases for all hash algorithms."""
+ for alg in self.algorithms:
+ yield from self.test_cases_for_hash(alg)
diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py
new file mode 100644
index 0000000..a3a84f6
--- /dev/null
+++ b/scripts/mbedtls_dev/psa_information.py
@@ -0,0 +1,106 @@
+"""Collect information about PSA cryptographic mechanisms.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+
+import re
+from typing import Dict, FrozenSet, List, Optional
+
+from . import macro_collector
+
+
+def psa_want_symbol(name: str) -> str:
+ """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
+ if name.startswith('PSA_'):
+ return name[:4] + 'WANT_' + name[4:]
+ else:
+ raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
+
+def finish_family_dependency(dep: str, bits: int) -> str:
+ """Finish dep if it's a family dependency symbol prefix.
+ A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
+ qualified by the key size. If dep is such a symbol, finish it by adjusting
+ the prefix and appending the key size. Other symbols are left unchanged.
+ """
+ return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
+
+def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
+ """Finish any family dependency symbol prefixes.
+ Apply `finish_family_dependency` to each element of `dependencies`.
+ """
+ return [finish_family_dependency(dep, bits) for dep in dependencies]
+
+SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
+ 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
+ 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
+ 'PSA_ALG_ANY_HASH', # only in policies
+ 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
+ 'PSA_ALG_KEY_AGREEMENT', # chaining
+ 'PSA_ALG_TRUNCATED_MAC', # modifier
+])
+
+def automatic_dependencies(*expressions: str) -> List[str]:
+ """Infer dependencies of a test case by looking for PSA_xxx symbols.
+ The arguments are strings which should be C expressions. Do not use
+ string literals or comments as this function is not smart enough to
+ skip them.
+ """
+ used = set()
+ for expr in expressions:
+ used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
+ used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
+ return sorted(psa_want_symbol(name) for name in used)
+
+# A temporary hack: at the time of writing, not all dependency symbols
+# are implemented yet. Skip test cases for which the dependency symbols are
+# not available. Once all dependency symbols are available, this hack must
+# be removed so that a bug in the dependency symbols properly leads to a test
+# failure.
+def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
+ return frozenset(symbol
+ for line in open(filename)
+ for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
+_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
+
+def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
+ global _implemented_dependencies #pylint: disable=global-statement,invalid-name
+ if _implemented_dependencies is None:
+ _implemented_dependencies = \
+ read_implemented_dependencies('include/psa/crypto_config.h')
+ if not all((dep.lstrip('!') in _implemented_dependencies or
+ not dep.lstrip('!').startswith('PSA_WANT'))
+ for dep in dependencies):
+ dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
+
+class Information:
+ """Gather information about PSA constructors."""
+
+ def __init__(self) -> None:
+ self.constructors = self.read_psa_interface()
+
+ @staticmethod
+ def remove_unwanted_macros(
+ constructors: macro_collector.PSAMacroEnumerator
+ ) -> None:
+ # Mbed TLS doesn't support finite-field DH yet and will not support
+ # finite-field DSA. Don't attempt to generate any related test case.
+ constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
+ constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
+ constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
+ constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
+
+ def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
+ """Return the list of known key types, algorithms, etc."""
+ constructors = macro_collector.InputsForTest()
+ header_file_names = ['include/psa/crypto_values.h',
+ 'include/psa/crypto_extra.h']
+ test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
+ for header_file_name in header_file_names:
+ constructors.parse_header(header_file_name)
+ for test_cases in test_suites:
+ constructors.parse_test_cases(test_cases)
+ self.remove_unwanted_macros(constructors)
+ constructors.gather_arguments()
+ return constructors
diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci
deleted file mode 100644
index 89481c0..0000000
--- a/scripts/rm-calloc-cast.cocci
+++ /dev/null
@@ -1,7 +0,0 @@
-@rm_calloc_cast@
-expression x, n, m;
-type T;
-@@
- x =
-- (T *)
- mbedtls_calloc(n, m)
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index fde8cc5..17153b7 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -19,6 +19,21 @@
#include MBEDTLS_CONFIG_FILE
#endif
+#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */
+# define MBEDTLS_TEST_HAVE_ASAN
+#endif
+#if defined(__has_feature)
+# if __has_feature(address_sanitizer) /* clang -fsanitize=address */
+# define MBEDTLS_TEST_HAVE_ASAN
+# endif
+# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */
+# define MBEDTLS_TEST_HAVE_MSAN
+# endif
+# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */
+# define MBEDTLS_TEST_HAVE_TSAN
+# endif
+#endif
+
#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
defined(MBEDTLS_TEST_HOOKS)
#define MBEDTLS_TEST_MUTEX_USAGE
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 955a5f3..faebe51 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -14,109 +14,15 @@
from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
import scripts_path # pylint: disable=unused-import
+from mbedtls_dev import crypto_data_tests
from mbedtls_dev import crypto_knowledge
-from mbedtls_dev import macro_collector
+from mbedtls_dev import macro_collector #pylint: disable=unused-import
+from mbedtls_dev import psa_information
from mbedtls_dev import psa_storage
from mbedtls_dev import test_case
from mbedtls_dev import test_data_generation
-def psa_want_symbol(name: str) -> str:
- """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
- if name.startswith('PSA_'):
- return name[:4] + 'WANT_' + name[4:]
- else:
- raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
-
-def finish_family_dependency(dep: str, bits: int) -> str:
- """Finish dep if it's a family dependency symbol prefix.
-
- A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
- qualified by the key size. If dep is such a symbol, finish it by adjusting
- the prefix and appending the key size. Other symbols are left unchanged.
- """
- return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
-
-def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
- """Finish any family dependency symbol prefixes.
-
- Apply `finish_family_dependency` to each element of `dependencies`.
- """
- return [finish_family_dependency(dep, bits) for dep in dependencies]
-
-SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
- 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
- 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
- 'PSA_ALG_ANY_HASH', # only in policies
- 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
- 'PSA_ALG_KEY_AGREEMENT', # chaining
- 'PSA_ALG_TRUNCATED_MAC', # modifier
-])
-def automatic_dependencies(*expressions: str) -> List[str]:
- """Infer dependencies of a test case by looking for PSA_xxx symbols.
-
- The arguments are strings which should be C expressions. Do not use
- string literals or comments as this function is not smart enough to
- skip them.
- """
- used = set()
- for expr in expressions:
- used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
- used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
- return sorted(psa_want_symbol(name) for name in used)
-
-# A temporary hack: at the time of writing, not all dependency symbols
-# are implemented yet. Skip test cases for which the dependency symbols are
-# not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols properly leads to a test
-# failure.
-def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
- return frozenset(symbol
- for line in open(filename)
- for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
-_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
-def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
- global _implemented_dependencies #pylint: disable=global-statement,invalid-name
- if _implemented_dependencies is None:
- _implemented_dependencies = \
- read_implemented_dependencies('include/psa/crypto_config.h')
- if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep)
- for dep in dependencies):
- dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
-
-
-class Information:
- """Gather information about PSA constructors."""
-
- def __init__(self) -> None:
- self.constructors = self.read_psa_interface()
-
- @staticmethod
- def remove_unwanted_macros(
- constructors: macro_collector.PSAMacroEnumerator
- ) -> None:
- # Mbed TLS doesn't support finite-field DH yet and will not support
- # finite-field DSA. Don't attempt to generate any related test case.
- constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
- constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
-
- def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
- """Return the list of known key types, algorithms, etc."""
- constructors = macro_collector.InputsForTest()
- header_file_names = ['include/psa/crypto_values.h',
- 'include/psa/crypto_extra.h']
- test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
- for header_file_name in header_file_names:
- constructors.parse_header(header_file_name)
- for test_cases in test_suites:
- constructors.parse_test_cases(test_cases)
- self.remove_unwanted_macros(constructors)
- constructors.gather_arguments()
- return constructors
-
-
def test_case_for_key_type_not_supported(
verb: str, key_type: str, bits: int,
dependencies: List[str],
@@ -126,7 +32,7 @@
"""Return one test case exercising a key creation method
for an unsupported key type or size.
"""
- hack_dependencies_not_implemented(dependencies)
+ psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
adverb = 'not' if dependencies else 'never'
@@ -142,7 +48,7 @@
class KeyTypeNotSupported:
"""Generate test cases for when a key type is not supported."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ALWAYS_SUPPORTED = frozenset([
@@ -166,10 +72,10 @@
# They would be skipped in all configurations, which is noise.
return
import_dependencies = [('!' if param is None else '') +
- psa_want_symbol(kt.name)]
+ psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
import_dependencies += [('!' if param == i else '') +
- psa_want_symbol(sym)
+ psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
generate_dependencies = []
@@ -178,7 +84,7 @@
for bits in kt.sizes_to_test():
yield test_case_for_key_type_not_supported(
'import', kt.expression, bits,
- finish_family_dependencies(import_dependencies, bits),
+ psa_information.finish_family_dependencies(import_dependencies, bits),
test_case.hex_string(kt.key_material(bits)),
param_descr=param_descr,
)
@@ -192,7 +98,7 @@
if not kt.is_public():
yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
+ psa_information.finish_family_dependencies(generate_dependencies, bits),
str(bits),
param_descr=param_descr,
)
@@ -224,7 +130,7 @@
) -> test_case.TestCase:
"""Return one test case exercising a key generation.
"""
- hack_dependencies_not_implemented(dependencies)
+ psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
tc.set_description('PSA {} {}-bit'
@@ -238,7 +144,7 @@
class KeyGenerate:
"""Generate positive and negative (invalid argument) test cases for key generation."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
@@ -255,9 +161,9 @@
"""
result = 'PSA_SUCCESS'
- import_dependencies = [psa_want_symbol(kt.name)]
+ import_dependencies = [psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
- import_dependencies += [psa_want_symbol(sym)
+ import_dependencies += [psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
# The library checks whether the key type is a public key generically,
@@ -272,7 +178,7 @@
for bits in kt.sizes_to_test():
yield test_case_for_key_generation(
kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
+ psa_information.finish_family_dependencies(generate_dependencies, bits),
str(bits),
result
)
@@ -299,7 +205,7 @@
INCOMPATIBLE = 2
PUBLIC = 3
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
key_type_expressions = self.constructors.generate_expressions(
sorted(self.constructors.key_types)
@@ -336,7 +242,7 @@
pretty_alg,
pretty_reason,
' with ' + pretty_type if pretty_type else ''))
- dependencies = automatic_dependencies(alg.base_expression, key_type)
+ dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
for i, dep in enumerate(dependencies):
if dep in not_deps:
dependencies[i] = '!' + dep
@@ -363,7 +269,7 @@
"""Generate failure test cases for keyless operations with the specified algorithm."""
if alg.can_do(category):
# Compatible operation, unsupported algorithm
- for dep in automatic_dependencies(alg.base_expression):
+ for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
not_deps=frozenset([dep]))
@@ -381,7 +287,7 @@
key_is_compatible = kt.can_do(alg)
if key_is_compatible and alg.can_do(category):
# Compatible key and operation, unsupported algorithm
- for dep in automatic_dependencies(alg.base_expression):
+ for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
kt=kt, not_deps=frozenset([dep]))
@@ -487,10 +393,10 @@
class StorageFormat:
"""Storage format stability test cases."""
- def __init__(self, info: Information, version: int, forward: bool) -> None:
+ def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None:
"""Prepare to generate test cases for storage format stability.
- * `info`: information about the API. See the `Information` class.
+ * `info`: information about the API. See the `psa_information.Information` class.
* `version`: the storage format version to generate test cases for.
* `forward`: if true, generate forward compatibility test cases which
save a key and check that its representation is as intended. Otherwise
@@ -557,11 +463,11 @@
verb = 'save' if self.forward else 'read'
tc = test_case.TestCase()
tc.set_description(verb + ' ' + key.description)
- dependencies = automatic_dependencies(
+ dependencies = psa_information.automatic_dependencies(
key.lifetime.string, key.type.string,
key.alg.string, key.alg2.string,
)
- dependencies = finish_family_dependencies(dependencies, key.bits)
+ dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
tc.set_dependencies(dependencies)
tc.set_function('key_storage_' + verb)
if self.forward:
@@ -766,13 +672,13 @@
class StorageFormatForward(StorageFormat):
"""Storage format stability test cases for forward compatibility."""
- def __init__(self, info: Information, version: int) -> None:
+ def __init__(self, info: psa_information.Information, version: int) -> None:
super().__init__(info, version, True)
class StorageFormatV0(StorageFormat):
"""Storage format stability test cases for version 0 compatibility."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
super().__init__(info, 0, False)
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
@@ -882,6 +788,7 @@
yield from super().generate_all_keys()
yield from self.all_keys_for_implicit_usage()
+
class PSATestGenerator(test_data_generation.TestGenerator):
"""Test generator subclass including PSA targets and info."""
# Note that targets whose names contain 'test_format' have their content
@@ -891,20 +798,23 @@
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
+ 'test_suite_psa_crypto_low_hash.generated':
+ lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':
lambda info: StorageFormatV0(info).all_test_cases(),
- } #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
+ } #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]]
def __init__(self, options):
super().__init__(options)
- self.info = Information()
+ self.info = psa_information.Information()
def generate_target(self, name: str, *target_args) -> None:
super().generate_target(name, self.info)
+
if __name__ == '__main__':
test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 401b89d..0edb626 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -279,9 +279,18 @@
# Space-separated list of ciphersuites supported by this build of
# Mbed TLS.
-P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
- grep TLS- |
- tr -s ' \n' ' ')"
+P_CIPHERSUITES=""
+if [ "$LIST_TESTS" -eq 0 ]; then
+ P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null |
+ grep 'TLS-' |
+ tr -s ' \n' ' ')"
+
+ if [ -z "${P_CIPHERSUITES# }" ]; then
+ echo >&2 "$0: fatal error: no cipher suites found!"
+ exit 125
+ fi
+fi
+
requires_ciphersuite_enabled() {
case $P_CIPHERSUITES in
*" $1 "*) :;;
@@ -8997,7 +9006,6 @@
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
@@ -9011,7 +9019,7 @@
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
hs_timeout=10000-60000 \
mtu=512" \
0 \
@@ -9029,8 +9037,6 @@
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
@@ -9062,8 +9068,6 @@
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
@@ -9095,8 +9099,6 @@
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
@@ -9129,8 +9131,6 @@
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
diff --git a/tests/suites/test_suite_psa_crypto_low_hash.function b/tests/suites/test_suite_psa_crypto_low_hash.function
new file mode 100644
index 0000000..6dabcef
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_low_hash.function
@@ -0,0 +1,209 @@
+/* BEGIN_HEADER */
+/*
+ * Test suite for the PSA hash built-in driver
+ *
+ * This test suite exercises some aspects of the built-in PSA driver for
+ * hash algorithms (psa_crypto_hash.c). This code is mostly tested via
+ * the application interface (above the PSA API layer) and via tests of
+ * individual hash modules. The goal of this test suite is to ensure that
+ * the driver dispatch layer behaves correctly even when not invoked via
+ * the API layer, but directly from another driver.
+ *
+ * This test suite is currently incomplete. It focuses on non-regression
+ * tests for past bugs or near misses.
+ */
+
+#include <psa_crypto_hash.h>
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_BUILTIN_HASH
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void hash_valid_one_shot(int alg_arg, data_t *input,
+ data_t *expected)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected->len;
+ size_t length = SIZE_MAX;
+
+ /* Nominal case */
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* Larger output buffer */
+ output_size = expected->len + 1;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* We don't test with a smaller output buffer because this isn't
+ * guaranteed to work: the core must pass a sufficiently large
+ * output buffer to the driver. */
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_valid_multipart(int alg_arg,
+ data_t *input1, data_t *expected1,
+ data_t *input2, data_t *expected2)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected1->len;
+ size_t length = SIZE_MAX;
+ mbedtls_psa_hash_operation_t operation0; // original
+ memset(&operation0, 0, sizeof(operation0));
+ mbedtls_psa_hash_operation_t clone_start; // cloned after setup
+ memset(&clone_start, 0, sizeof(clone_start));
+ mbedtls_psa_hash_operation_t clone_middle; // cloned between updates
+ memset(&clone_middle, 0, sizeof(clone_middle));
+ mbedtls_psa_hash_operation_t clone_end; // cloned before finish
+ memset(&clone_end, 0, sizeof(clone_end));
+ mbedtls_psa_hash_operation_t clone_more; // cloned before finish
+ memset(&clone_more, 0, sizeof(clone_more));
+
+ /* Nominal case with two update calls */
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation0, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_start),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input1->x, input1->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_middle),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input2->x, input2->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_end),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation0,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+
+ /* Nominal case with an operation cloned after setup */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_update(&clone_start, input1->x, input1->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_start,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected1->x, expected1->len, output, length);
+
+ /* Nominal case with an operation cloned between updates */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_update(&clone_middle, input2->x, input2->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_middle,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+
+ /* Nominal case with an operation cloned before finish */
+ TEST_EQUAL(mbedtls_psa_hash_clone(&clone_end, &clone_more),
+ PSA_SUCCESS);
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* Larger output buffer */
+ TEST_EQUAL(mbedtls_psa_hash_clone(&clone_more, &clone_end),
+ PSA_SUCCESS);
+ output_size = expected2->len + 1;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* We don't test with a smaller output buffer because this isn't
+ * guaranteed to work: the core must pass a sufficiently large
+ * output buffer to the driver. */
+
+ /* Nominal case again after an error in a cloned operation */
+ output_size = expected2->len;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_more,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+exit:
+ mbedtls_free(output);
+ mbedtls_psa_hash_abort(&operation0);
+ mbedtls_psa_hash_abort(&clone_start);
+ mbedtls_psa_hash_abort(&clone_middle);
+ mbedtls_psa_hash_abort(&clone_end);
+ mbedtls_psa_hash_abort(&clone_more);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_empty(int alg_arg, data_t *expected)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected->len;
+ size_t length = SIZE_MAX;
+ mbedtls_psa_hash_operation_t operation;
+ memset(&operation, 0, sizeof(operation));
+
+ ASSERT_ALLOC(output, output_size);
+
+ /* One-shot */
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, NULL, 0,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+ /* Multipart, no update */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+ /* Multipart, one update */
+ memset(output, 0, output_size);
+ memset(&operation, 0, sizeof(operation));
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation, NULL, 0),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+exit:
+ mbedtls_free(output);
+ mbedtls_psa_hash_abort(&operation);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_low_hash.generated.data b/tests/suites/test_suite_psa_crypto_low_hash.generated.data
new file mode 100644
index 0000000..30cc9cf
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_low_hash.generated.data
@@ -0,0 +1,171 @@
+# Automatically generated by generate_psa_tests.py. Do not edit!
+
+hash_empty MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_empty:PSA_ALG_MD5:"d41d8cd98f00b204e9800998ecf8427e"
+
+hash_valid_one_shot MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_valid_one_shot:PSA_ALG_MD5:"616263":"900150983cd24fb0d6963f7d28e17f72"
+
+hash_valid_multipart 0 + 179 MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_valid_multipart:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166"
+
+hash_valid_multipart 1 + 178 MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_valid_multipart:PSA_ALG_MD5:"48":"c1d9f50f86825a1a2302ec2449c17196":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166"
+
+hash_valid_multipart 64 + 115 MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_valid_multipart:PSA_ALG_MD5:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"f643f3cdd664a99674b060a871e5cdf6":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166"
+
+hash_valid_multipart 178 + 1 MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_valid_multipart:PSA_ALG_MD5:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"484d9ce483e5d65fa93622e5e0502163":"21":"581d07c1c1cf41c302d587ca06659166"
+
+hash_valid_multipart 179 + 0 MD5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5
+hash_valid_multipart:PSA_ALG_MD5:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166":"":"581d07c1c1cf41c302d587ca06659166"
+
+hash_empty SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_empty:PSA_ALG_SHA_1:"da39a3ee5e6b4b0d3255bfef95601890afd80709"
+
+hash_valid_one_shot SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_valid_one_shot:PSA_ALG_SHA_1:"616263":"a9993e364706816aba3e25717850c26c9cd0d89d"
+
+hash_valid_multipart 0 + 179 SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_valid_multipart:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72"
+
+hash_valid_multipart 1 + 178 SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_valid_multipart:PSA_ALG_SHA_1:"48":"7cf184f4c67ad58283ecb19349720b0cae756829":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72"
+
+hash_valid_multipart 64 + 115 SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_valid_multipart:PSA_ALG_SHA_1:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"750ba870591b392b0a82a93715018733809d6d60":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72"
+
+hash_valid_multipart 178 + 1 SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_valid_multipart:PSA_ALG_SHA_1:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"95147c023be4f648064a8003d856901dd4cae0aa":"21":"68e3b2a18096d66916a64b84085772c1ee2b7e72"
+
+hash_valid_multipart 179 + 0 SHA_1
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+hash_valid_multipart:PSA_ALG_SHA_1:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72":"":"68e3b2a18096d66916a64b84085772c1ee2b7e72"
+
+hash_empty SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_empty:PSA_ALG_SHA_224:"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
+
+hash_valid_one_shot SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_valid_one_shot:PSA_ALG_SHA_224:"616263":"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"
+
+hash_valid_multipart 0 + 179 SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_valid_multipart:PSA_ALG_SHA_224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444"
+
+hash_valid_multipart 1 + 178 SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_valid_multipart:PSA_ALG_SHA_224:"48":"7e27c59a202f5e2b2b3b5458300140ef7aa7edc3a97a605b788546a1":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444"
+
+hash_valid_multipart 64 + 115 SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_valid_multipart:PSA_ALG_SHA_224:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"ee50241ec35c16da236ed1d98a67635ec684dcaa205d59ef91a0bc95":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444"
+
+hash_valid_multipart 178 + 1 SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_valid_multipart:PSA_ALG_SHA_224:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"b28b9b1080f8ba1f274c41ad40823dca0d6e575abaa42c5b01588cd2":"21":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444"
+
+hash_valid_multipart 179 + 0 SHA_224
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224
+hash_valid_multipart:PSA_ALG_SHA_224:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444":"":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444"
+
+hash_empty SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_empty:PSA_ALG_SHA_256:"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+
+hash_valid_one_shot SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_valid_one_shot:PSA_ALG_SHA_256:"616263":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+
+hash_valid_multipart 0 + 179 SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_valid_multipart:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc"
+
+hash_valid_multipart 1 + 178 SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_valid_multipart:PSA_ALG_SHA_256:"48":"44bd7ae60f478fae1061e11a7739f4b94d1daf917982d33b6fc8a01a63f89c21":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc"
+
+hash_valid_multipart 64 + 115 SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_valid_multipart:PSA_ALG_SHA_256:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"ac068007f505c49f58818543ba0566528b54caffe65494da3515a8295ca986ad":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc"
+
+hash_valid_multipart 178 + 1 SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_valid_multipart:PSA_ALG_SHA_256:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"82effb9677d08d1ef33f578433cfcfb96355fe19372808e0711d72337671f152":"21":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc"
+
+hash_valid_multipart 179 + 0 SHA_256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_valid_multipart:PSA_ALG_SHA_256:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc":"":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc"
+
+hash_empty SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_empty:PSA_ALG_SHA_384:"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
+
+hash_valid_one_shot SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_valid_one_shot:PSA_ALG_SHA_384:"616263":"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7"
+
+hash_valid_multipart 0 + 179 SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_valid_multipart:PSA_ALG_SHA_384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd"
+
+hash_valid_multipart 1 + 178 SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_valid_multipart:PSA_ALG_SHA_384:"48":"72df8089b04fd6038238731b218a64da29bd83a34bced02a29f3139833671028584a653f74f1afecfac51064a0e6416c":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd"
+
+hash_valid_multipart 64 + 115 SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_valid_multipart:PSA_ALG_SHA_384:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"fced26dd21bb61dbb69f704e8aa6cd6e00da4ceecfc55dc94fe48458bc72fb603c23186150923578e4a7237af0e6105c":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd"
+
+hash_valid_multipart 178 + 1 SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_valid_multipart:PSA_ALG_SHA_384:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"30d426688d31277644b0aa8c32435a36c17f2b8ef20c17e2069405951d01d0e66983e4f98ae1103f85b5e94862ea8b59":"21":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd"
+
+hash_valid_multipart 179 + 0 SHA_384
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+hash_valid_multipart:PSA_ALG_SHA_384:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd":"":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd"
+
+hash_empty SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_empty:PSA_ALG_SHA_512:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+
+hash_valid_one_shot SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_valid_one_shot:PSA_ALG_SHA_512:"616263":"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"
+
+hash_valid_multipart 0 + 179 SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_valid_multipart:PSA_ALG_SHA_512:"":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0"
+
+hash_valid_multipart 1 + 178 SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_valid_multipart:PSA_ALG_SHA_512:"48":"9032fb94055d4d14e42185bdff59642b98fe6073f68f29d394620c4e698a86fb2e51351ca6997e6a164aae0b871cf789fbc6e0d863733d05903b4eb11be58d9c":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0"
+
+hash_valid_multipart 64 + 115 SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_valid_multipart:PSA_ALG_SHA_512:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"98cde721bfa735807497358c48c5e5d4302410f30c3afc3b08f40da267d23a28a88ecdd9d52711189fa2ddca54343e37a14d401aee3ac47df3b469c15906bce1":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0"
+
+hash_valid_multipart 178 + 1 SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_valid_multipart:PSA_ALG_SHA_512:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"0d86ca214f7634d86c13f95068b226d16bd1e65337da4983ce88e82fa2515957495fc6c50b2afb677bea54de9e1b8e7c694591605c514abed7fdc18f181fe01c":"21":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0"
+
+hash_valid_multipart 179 + 0 SHA_512
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+hash_valid_multipart:PSA_ALG_SHA_512:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0":"":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0"
+
+# End of automatically generated file.
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 406a063..6ffba84 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -2781,6 +2781,18 @@
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
+X509 CSR ASN.1 (Unsupported critical extension, critical=true, ignore for backwards compatibility)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0
+
+X509 CSR ASN.1 (Unsupported non-critical extension, critical=false)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+mbedtls_x509_csr_parse:"308201243081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004b5e718a7df6b21912733e77c42f266b8283e6cae7adf8afd56b990c1c6232ea0a2a46097c218353bc948444aea3d00423e84802e28c48099641fe9977cdfb505a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101000403010101300a06082a8648ce3d0403020348003045022100f0ba9a0846ad0a7cefd0a61d5fc92194dc06037a44158de2d0c569912c058d430220421f27a9f249c1687e2fa34db3f543c8512fd925dfe5ae00867f13963ffd4f8d":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0
+
+X509 CSR ASN.1 (Unsupported non-critical extension, critical undefined)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+mbedtls_x509_csr_parse:"308201223081c802010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d030107034200045f94b28d133418833bf10c442d91306459d3925e7cea06ebb9220932e7de116fb671c5d2d6c0a3784a12897217aef8432e7228fcea0ab016bdb67b67ced4c612a025302306092a864886f70d01090e311630143012060b2b0601040183890c8622020403010101300a06082a8648ce3d04030203490030460221009b1e8b25775c18525e96753e1ed55875f8d62f026c5b7f70eb5037ad27dc92de022100ba1dfe14de6af6a603f763563fd046b1cd3714b54d6daf5d8a72076497f11014":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0
+
X509 CSR ASN.1 (bad first tag)
mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT